SonyBMG EULA and "rootkit": Truth-In-EULA opportunity?

Meanwhile, lawprof Eric Goldman asks whether the SonyBMG EULA
adequately disclosed what the company was doing to users'
computers. If not, the company may be legally liable for trespass to
chattels, or may even have violated the Computer Fraud and Abuse
Act. Goldman concludes that the disclosure may be adequate as a legal
matter, though he doesn't assert that it's a good business practice.

While the legal question is beyond my expertise, it's awfully hard to
see how, from a common-sense viewpoint, SonyBMG could be said to have
disclosed that they might be installing rootkit-like software. Surely
the user's consent to installing "a small proprietary software program ...
intended to protect the audio files embodied on the CD" does not
give SonyBMG free rein to do absolutely anything they like to the
user's computer. Whether, as a legal matter, Sony exceeded their
user-granted authorization to modify the user's computer would
ultimately be for a court to decide.

Goldman says, with some justification, that today's EULAs expose a
"crisis" in contract law by attenuating, almost beyond recognition,
the notion of consent to a contract. Part of the problem is the
well-known fact that hardly anybody reads EULAs. But another part of
the problem is that EULAs don't give even the most diligent users a
clear idea of what they are consenting to.

I run into something like this issue all the time when discussing
censorware. If a censorware program is described as "filtering
pornography", people are highly likely to be in favor of it. If I
bring up the fact that censorware requires the loss of all privacy, anonymity, or even third-party content services, sometimes I can get people to think a bit more
deeply about the implications (if I'm not getting flak from certain
other activists who give me tremendous grief for taking that approach ...).
But, sadly, it's a struggle.

I suspect it's going to be very difficult to get any sort of Truth-In-EULA
obligations, to require understandable disclosure, given the spotty
record of attempts at requiring plain language legal contracts.

Still, it's a good talking point. Anyone for a "Truth In EULA"
legal proposal? That is, a disclosure cannot be legally
deemed to have been made unless a "reasonable" person would have some
sort of "material" understanding of the risk entailed in the "small
proprietary software program"?

It may not pass, it likely won't pass. But it would be a great
opportunity to publicly grill some of the most egregious offenders.

A problem of "plain language" proposals is that it is awfully hard to define, much less in plain language! I think that it's not entirely impossible to get a "plain language truthful EULA" proposal passed, but making it effective would be a lot harder. That said, courts in many jurisdictions do interpret contracts according to the sophistication of the user who is supposed to sign them in different ways, and can declare them unenforceable.